×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Major Vulnerability In Tinder Dating App Allowed User Tracking

timothy posted about 2 months ago | from the coming-from-inside-the-building dept.

Privacy 23

An anonymous reader writes "Include Security unveiled new research showing that users of the popular online dating app Tinder were at significant risk due to a vulnerability they discovered in the geo-location feature of the application. This vulnerability allowed Tinder users to track each another's exact location for much of 2013. Anyone with rudimentary programming skills could query the Tinder API directly and pull down the co-ordinates of any user. This resulted in a privacy violation for the users of the application." Include Security has posted a video that shows how the the flaw could be exploited, before it was fixed last month.

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

23 comments

tracking (5, Funny)

schneidafunk (795759) | about 2 months ago | (#46294389)

Bug or feature? I thought the whole point of the app was to stalk people. I must have been using it wrong.

Re:tracking (1)

interkin3tic (1469267) | about 2 months ago | (#46294693)

It's supposed to be used to find people who are willing to have sex with you: if you're on slashdot and it shows you people, you are indeed using it wrong.

Re:tracking (1)

davester666 (731373) | about 2 months ago | (#46296511)

Or you are using it right and the app has a serious bug.

Or the mythical 'nerd-girl' has entered our plane of existence for a visit. She has needs too...

Re:tracking (4, Interesting)

JoeMerchant (803320) | about 2 months ago | (#46294705)

One of the old dating websites (in the 1990s), used to tell you how far potential dates lived from you - harmless enough, unless you live in Key West or a similar linear settlement, that gives a really big circle on which the person could live.

However, if you signed up for 3 (free, no verification required) accounts, and gave your different accounts different addresses around town, you could get three distances to the same potential date, giving a rather accurate estimate of their domicile location.... or, at least whatever they input when they signed up - if they were as paranoid as me, they also had three accounts and none of them had an accurate address.

Re:tracking (0)

Anonymous Coward | about 2 months ago | (#46296529)

...if they were as paranoid as me, they also had three accounts and none of them had an accurate address.

If they were as paranoid as you, it would be sufficient with a single account with an incorrect location. Having three accounts is only needed if you want to find others.

Re:tracking (0)

Anonymous Coward | about 2 months ago | (#46295101)

Bug or feature? I thought the whole point of the app was to stalk people. I must have been using it wrong.

Either way, I find it pretty fucking funny that damn near every single app that has gained popularity these days promising to mask or hide the user (or their images) in some way has ended in ultimate shame and embarassment as these apps are picked apart to reveal exactly what they were designed NOT to do.

Early bird gets the worm... (1)

BisuDagger (3458447) | about 2 months ago | (#46294401)

and the second mouse always gets the cheese. Time to make a clone app called Timber with pitbull strength security.

Re:Early bird gets the worm... (0)

Anonymous Coward | about 2 months ago | (#46294561)

Call it Timbr and you might just win the Internet, and a restraining order from Ke$ha.

Welcome to 2 days ago (0)

mandark1967 (630856) | about 2 months ago | (#46294427)

when the story was broken on another site.

Our tumbly, 6-sided overlords must be please that we're finally catching up to the likes of Reddit

Re:Welcome to 2 days ago (4, Interesting)

JoeMerchant (803320) | about 2 months ago | (#46294761)

Well established, /. is not the place for breaking news, it's got an older moderation system that wasn't designed to get stuff to the front page quickly, in internet time. Compared to print media, /. is more or less on par with a good daily newspaper's story reporting speed (is there such a thing as a good daily newspaper anymore?)

Reddit is pretty good about bubbling up interesting stuff to the front within an hour or two, though the good AMAs always seem to make the front page just after the host has signed off...

If you want to read about what's going to be on CNN, Fox, et. al. tomorrow, watch the Reuters feeds. The news of the weird stuff usually comes across RSS 5 to 7 days before it makes it out on morning radio shows...

If you need your news faster than Reddit gets it to you, I think you have to be personally present where it is happening.

Re:Welcome to 2 days ago (1)

kaizendojo (956951) | about 2 months ago | (#46294781)

+1 - (Never have the damn mod points when I need them!)
Thanks for an informative and lucid reply to an off handed comment.

Re:Welcome to 2 days ago (0)

Anonymous Coward | about a month ago | (#46303307)

Me thinks someone with mod points needs to learn that this comment is -not- off-topic.

Seriously (0)

Anonymous Coward | about 2 months ago | (#46294445)

Who uses this crap?

Re:Seriously (0)

Anonymous Coward | about 2 months ago | (#46294937)

Women who have eyebrows drawn on with a Sharpie, from what I've observed using the app.

other services are similar (1)

K98ksj091j2 (3534877) | about 2 months ago | (#46295077)

Other services don't provide as accurate data, but with GPS spoffing you can get pretty good idea in not densely populated areas

Frimst stoP (-1)

Anonymous Coward | about 2 months ago | (#46295313)

flaws i8 7he BSD

Headline confusion... (1)

CCarrot (1562079) | about 2 months ago | (#46295961)

Major Vulnerability In Tinder Dating App Allowed User Tracking

On reading this headline, I thought this was some app used by scientists to compute carbon dating on tinder found in archeological digs...strangely specific, but I could see it existing. Not a huge user base for it, though, so why the fuss about user tracking? And why bother? "Both of them are in the lab...now they're at the dig site...now they're at the bar. Repeat."

Clearly my hopes for scientific stories on Slashdot are overly optimistic... :(

Re:Headline confusion... (1)

ceazare (1029260) | about 2 months ago | (#46297109)

Meh, I expected an app that would tell you the age of a felled tree by counting the rings. I'd find that useful, being in the business.

Olympic Village (1)

ShaunC (203807) | about 2 months ago | (#46296955)

Considering I'd never even heard of this app until some Olympian young lady made a big deal out of it, I doubt this was much of a breach. All of the app's users were in the Olympic Village and they know where one another are, anyway.

mod edo3n (-1)

Anonymous Coward | about 2 months ago | (#46297667)

it just 0wnz.', It's best to try
Check for New Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...